Resolving proxy DNS servers run by someone else with whom one has a
contractual relationship for proxy DNS service.

Provision of proxy DNS service is something that happens by private
arrangement. Anyone who intends to provide you with proxy DNS service
will have told you directly what IP address(es) to employ to obtain it.

Local proxy DNS servers

The best source of proxy DNS service is, of course, a proxy DNS server
that one (or one's organization) owns and runs oneself. It provides one
with full control over the server, its security, the machine(s) that it
runs on, and the view of the DNS namespace that it provides. It's simple
with most operating systems to do this. Many, including Unices and Linux,
come bundled with DNS server software, and even have alternative
software such as djbdns available. OS/2 has the Internet Utilities for
OS/2 and ports of BIND. Microsoft Windows has Microsoft's DNS server
(bundled with the "Server" flavours of Windows) and ports of BIND.

If you are part of a large organization, there is a good chance that the
network administrators run a local proxy DNS server for the organization,
on machines internal to the organization's network. And that is what you
use. If you run your network yourself, then simply set up such a proxy
DNS server somewhere on that network.

Proxy DNS servers provided by ISPs

ISPs often provide proxy DNS service to their paying customers, as part of
the private service arrangements between the ISP and the customers. If
you are a customer of such an ISP, you will have been told about the IP
addresses of its proxy DNS servers in one of several ways:

For some ISPs, this information is provided in a "welcome pack" that is
given to all customers when they first subscribe to the service.

Good quality ISPs also publish it on a "Summary of configuration
information that you need" web page of some sort on their own web sites.

Other ISPs provide the information dynamically as part of the information
sent to your machine via DHCP or PPP.

If your ISP does not provide you with proxy DNS service, or if the proxy
DNS service that it provides is unsatisfactory (for example, because it is
not secure against cache poisoning, because it provides the wrong view of
the DNS namespace, or because it can leak information about your DNS
lookups to other customers) then one option that you have is to run your
own resolving proxy DNS server, of course.

Mis-use of content DNS servers

A few organizations have content DNS servers, listed in the public DNS
database, that also just happen to provide proxy DNS service. Some people
think that one can go to content DNS servers for proxy DNS service as
well, just by picking the IP addresses of content DNS servers out of the
DNS database. One cannot do this and assume that it will work, because
it usually will not nowadays.

This is because more and more organizations, over the years, have adopted
what has long been known to be best practice for DNS service: not
providing promiscuous proxy DNS service to the world, tightening up one's
listed DNS services to provide only content DNS service. This best
practice is recommended by most DNS software authors (such as Dan
Bernstein here, for example), most good books on DNS, and many experts
in the field.
More and more organizations have gradually come to realize that it isn't
in their interests to provide free proxy DNS service to complete
strangers. The number of content DNS servers that also double as proxy
DNS servers has dwindled, and should eventually, should everyone adopt
best practice, reach zero.

(Hitting an organisation's listed content DNS server for proxy DNS service
is a good way to draw a DNS administrator's attention, via the increased
cost and resource usage, to the fact that xe is unwisely providing
promiscuous proxy DNS service and should stop doing so.)

The listings in the public DNS database indicate where to find an
organization's content DNS servers, not where to find its proxy
DNS servers. Indeed, if an organization is employing best practice, its
proxy DNS server won't actually be listening on an IP address that you can
reach.

Public proxy providers

There are several organizations that explicitly provide
promiscuous proxy DNS service for use by the public at large.
They list the IP address(es) of their public proxy DNS servers on a WWW
page or some such, and give instructions on how to reconfigure the DNS
clients on one's machines to use their resolving proxy DNS servers
instead.

It is fair to observe that there are a few organizations that do this out
of genuinely altruistic motivations. Organizations such as the Pacific
Root, for example, provide promiscuous proxy DNS servers for the benefit
of those (few) people who cannot run their own proxy DNS servers, and
whose ISPs' proxy DNS servers provide only the diminutive root. But such
organizations are (lamentably, but not unexpectedly) outnumbered by those
that provide proxy DNS service for other reasons, less beneficial to the
service users.

Always bear in mind this maxim: Using someone else's proxy DNS
service hands over full control of what one's view of the DNS namespace is
to that person. This is why it is important that if one entrusts
proxy DNS service to someone else, it be someone with whom one has a
contractual relationship for service, such as an Internet Service
Provider. Without the contractual relationship, there's no redress and no
incentive for providing an aboveboard service.

Case study: Comodo hi-jacking domain names that it doesn't own

One example of a promiscuous proxy DNS service provider with ulterior
motives is Comodo, who, as of March 2010, is providing promiscuous proxy
DNS service for free, advertising it in its sales blurb on the grounds of
its security. Running one's own resolving proxy DNS server locally, as
long as one does so in accordance with best practice (as aforementioned),
will yield just as secure a server, one that additionally isn't as far
away across the Internet as Comodo's servers are and whose outages one
can fix oneself. That aside, briefly mentioned in the blurb is the fact
that Comodo's servers will make up fake answers for mis-spelled
non-existent domain names.

Here's an example of this in action, first querying an ordinary, secure,
local proxy DNS server, then querying the Comodo promiscuous proxy DNS
server, and finally looking up the non-mis-spelled name.

Notice that Comodo's promiscuous proxy DNS servers map the mis-spelled
name to an IP address that isn't Microsoft's. Mis-spell Microsoft's name,
and Comodo won't, contrary to the sales blurb, "automatically detect and
forward" lookups for non-existent mis-spelled domain names to the right
place. It detects them all right, but it directs them to IP addresses
controlled by Comodo itself. Mis-spell Microsoft's name, and you'll end
up talking to Comodo's WWW/mail/file/time servers, not Microsoft's as you
might think from the sales blurb.

Similarly, according to Comodo there's a Hogwart's University in the U.S.,
and a U.S. Government Department of Silly Walks:

Touted as a feature, this is in fact a simple recurrence of the same sort
of Internet coup that Verisign tried in 2003 with SiteFinder.
The problems with such an idea are many, and can be found detailed in the
aforelinked Frequently Given Answer as well as in technical reports from
ICANN and the IAB. Suffice it to say that this is a bad idea
that the world has learned better than to do.
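
A way to check a resolver for the answer fabrication described in this
case study, and for whether a server offers proxy service at all (the RA
flag in its reply), as an added example that is not part of the original
page. The function names, result labels and sample reply bytes are
constructed for illustration, and the check assumes that the chosen
top-level domain has no wildcard record of its own.

```python
import secrets
import socket
import struct

# Constructed sample replies (header only): ID, flags, QD, AN, NS, AR counts.
SAMPLE_HONEST = bytes.fromhex("0001" "8183" "0001" "0000" "0000" "0000")
SAMPLE_REWRITTEN = bytes.fromhex("0001" "8180" "0001" "0001" "0000" "0000")

def build_query(name, qid):
    """Encode a recursion-desired (RD=1) query for the A record of `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_response(msg):
    """Return (recursion_available, rcode, answer_count) from the header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    return bool(flags & 0x0080), flags & 0x000F, ancount

def classify(msg):
    """Judge a reply to a query for a name that is known not to exist."""
    ra, rcode, ancount = parse_response(msg)
    if not ra:
        return "no-proxy-service"    # RA=0: server does not resolve for us
    if rcode == 3:
        return "honest"              # NXDOMAIN, the correct answer
    if rcode == 0 and ancount > 0:
        return "rewrites-nxdomain"   # an answer was made up for the name
    return "inconclusive"

def probe(server, tld="com", timeout=3.0):
    """Ask `server` for a random name that is almost certainly unregistered."""
    name = "%s.%s" % (secrets.token_hex(12), tld)
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        msg, _ = s.recvfrom(4096)
    if struct.unpack("!H", msg[:2])[0] != qid:
        raise ValueError("reply ID does not match the query")
    return classify(msg)
```

Calling probe() with the address of a proxy DNS server that one has been
told to use returns one of the four labels; a local resolver run in
accordance with best practice should yield "honest".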

The alternative root services aren't motivated by domain name hi-jacking.
They will still delegate control of (for example) the entirety of com.
and net. to Verisign. They extend the root, providing top-level domains
that the diminutive roots have been,
historically, glacially slow to provide. Organizations like Comodo, in
contrast, are hi-jacking non-existent domain names within all of
the top-level domains, and mapping them to their own IP addresses.

And there is, of course, nothing stopping Comodo deciding to do this with
domain names that actually exist, as well. In (almost) the words of the
well-known slogan:
Where do you think www.microsoft.com. will go, today?